Skip to main content

Hitachi ID certification

Product Sites

Control Administrator Access

Managing privileged passwords, including local administrator, service account and embedded application passwords, is a challenge in most organizations. There are often too many passwords, distributed across too many devices, with too many inter-dependencies. As a result, privileged passwords are often static, simple and well-known.

IT staff often retain privileged passwords long after they leave and attackers have long time windows to attack service and application passwords.

These security problems may violate regulatory requirements for privacy protection or transparent corporate governance.

Privileged access management systems secure access to administrator and other accounts with elevated privileges on systems and applications. This is typically done through a combination of:

  • Discovering systems and applications where privileged accounts exist.
  • Extracting a list of accounts from each system.
  • Applying policy to determine which accounts to manage.
  • Periodically randomizing passwords to these accounts.
  • Storing these random passwords in a secure credential vault.
  • Authenticating users who need to access these accounts.
  • Applying access control policy to determine what users are allowed access to which privileged accounts.
  • Providing one or more access disclosure mechanisms to connect approved users to privileged accounts.
  • Controlling how many users may concurrently sign into the same privileged account.
  • Logging and reporting on this access.

Hitachi ID Privileged Access Manager secures privileged accounts on an enterprise scale:

  • It periodically randomizes every privileged password.
  • Users must sign into Privileged Access Manager when they need to use a privileged account. Multi-factor authentication can be required.
  • Privileged Access Manager launches login sessions on behalf of users, without displaying passwords -- single sign-on.
  • Logins to privileged user accounts can be recorded, including screen capture and keyboard logging. This creates strong accountability and forensic audit trails.

Return to Identity Management Concepts

page top page top